diff --git a/.github/workflows/_cve_fetch.yml b/.github/workflows/_cve_fetch.yml index 43cb46b33073..e8ac3f415dcb 100644 --- a/.github/workflows/_cve_fetch.yml +++ b/.github/workflows/_cve_fetch.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Set vars id: vars run: | diff --git a/.github/workflows/_cve_scan.yml b/.github/workflows/_cve_scan.yml index f4a885b6c769..12c8ac16e445 100644 --- a/.github/workflows/_cve_scan.yml +++ b/.github/workflows/_cve_scan.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Set vars id: vars run: | diff --git a/.github/workflows/_precheck_deps.yml b/.github/workflows/_precheck_deps.yml index 70d5c78fcefe..b81352923ea5 100644 --- a/.github/workflows/_precheck_deps.yml +++ b/.github/workflows/_precheck_deps.yml @@ -61,7 +61,7 @@ jobs: if: ${{ inputs.dependency-review }} steps: - name: Checkout Repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ fromJSON(inputs.request).request.sha }} persist-credentials: false diff --git a/.github/workflows/codeql-daily.yml b/.github/workflows/codeql-daily.yml index 83d83778b654..4f09df78f1b7 100644 --- a/.github/workflows/codeql-daily.yml +++ b/.github/workflows/codeql-daily.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Free disk space uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.3.31 diff --git a/.github/workflows/codeql-push.yml b/.github/workflows/codeql-push.yml index a709d8bd8244..7726fe5c70d0 100644 --- a/.github/workflows/codeql-push.yml +++ b/.github/workflows/codeql-push.yml @@ -34,7 +34,7 @@ jobs: if: github.repository == 'envoyproxy/envoy' steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 2 diff --git a/.github/workflows/envoy-dependency.yml b/.github/workflows/envoy-dependency.yml index 57a7edc2b2f3..ffbcd73a8482 100644 --- a/.github/workflows/envoy-dependency.yml +++ b/.github/workflows/envoy-dependency.yml @@ -146,7 +146,7 @@ jobs: path: envoy fetch-depth: 0 token: ${{ steps.appauth.outputs.token }} - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 name: Checkout Envoy build tools repository with: repository: envoyproxy/envoy-build-tools @@ -256,7 +256,7 @@ jobs: issues: write steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Run dependency checker run: | TODAY_DATE=$(date -u -I"date") diff --git a/.github/workflows/envoy-security-check.yml b/.github/workflows/envoy-security-check.yml index b4e364c0f264..5fa88bdef4b8 100644 --- a/.github/workflows/envoy-security-check.yml +++ b/.github/workflows/envoy-security-check.yml @@ -101,7 +101,7 @@ jobs: # SLACK - name: Checkout repository (secure branch) if: matrix.action == 'slack' - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: # Explicitly checkout main to avoid malicious code ref: main diff --git a/.github/workflows/mobile-release.yml b/.github/workflows/mobile-release.yml index 164b384e6a62..dc076999576b 100644 --- a/.github/workflows/mobile-release.yml +++ b/.github/workflows/mobile-release.yml @@ -89,7 +89,7 @@ jobs: include: - output: envoy steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 - name: Add safe directory diff --git a/.github/workflows/pr_notifier.yml b/.github/workflows/pr_notifier.yml index 438e8d007de2..6cf5b6d27875 100644 --- a/.github/workflows/pr_notifier.yml +++ b/.github/workflows/pr_notifier.yml @@ -24,7 +24,7 @@ jobs: || !contains(github.actor, '[bot]')) }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Notify about PRs run: | ARGS=() diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c69d00581382..55b925884baf 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -22,7 +22,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false diff --git a/.github/workflows/toolchain-test.yml b/.github/workflows/toolchain-test.yml index 04c2c9ae3a64..b2951e92b960 100644 --- a/.github/workflows/toolchain-test.yml +++ b/.github/workflows/toolchain-test.yml @@ -32,7 +32,7 @@ jobs: name: "Test: ${{ matrix.name }}" steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Run matrix test run: | cd ci/matrix